CVE-2021-1464

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS v3.0 5.0 MEDIUM

5.0^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2	Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm	Not Applicable

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:::::::*

History

04 Aug 2025, 14:36

Type	Values Removed	Values Added
First Time		Cisco catalyst Sd-wan Manager Cisco
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2 - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK - Vendor Advisory
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX - Not Applicable
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC - Not Applicable
CPE		cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:::::::*

15 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-15 17:15

Updated : 2025-08-04 14:36

NVD link : CVE-2021-1464

Mitre link : CVE-2021-1464

JSON object : View

Products Affected

cisco

catalyst_sd-wan_manager

CWE

CWE-20

Improper Input Validation

5.0 /10